gootkit | 1deec701f0f95e56e1cd7fa7b5722b223f83062093df8def6a0df7f6fa09337c | Triage

Sharing

General

Target

1deec701f0f95e56e1cd7fa7b5722b223f83062093df8def6a0df7f6fa09337c
Size

268KB
Sample

220612-2w7apaefd7
MD5

4c9d497b5680901bdd4b6a3330f776b6
SHA1

0d1f10ccc8b131cd3e03e2c1654f972a154f09cc
SHA256

1deec701f0f95e56e1cd7fa7b5722b223f83062093df8def6a0df7f6fa09337c
SHA512

c8a0e5c5c358222156543bd7da968127a7fb5a8b8d611c6e975f1328d1383dd91d01d63f62f0b34d366c72818ef3840e429c5bcee2de3c8df5662f177717b0b0

Score

10^/10

gootkit 410 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

410

C2

parking.dynophyl.com

parked.dynonortheast.com

trktrk.eu

smeinsurances.co.uk

Attributes

vendor_id
410

Targets

- Target
  
  1deec701f0f95e56e1cd7fa7b5722b223f83062093df8def6a0df7f6fa09337c
- Size
  
  268KB
- MD5
  
  4c9d497b5680901bdd4b6a3330f776b6
- SHA1
  
  0d1f10ccc8b131cd3e03e2c1654f972a154f09cc
- SHA256
  
  1deec701f0f95e56e1cd7fa7b5722b223f83062093df8def6a0df7f6fa09337c
- SHA512
  
  c8a0e5c5c358222156543bd7da968127a7fb5a8b8d611c6e975f1328d1383dd91d01d63f62f0b34d366c72818ef3840e429c5bcee2de3c8df5662f177717b0b0
Score

10^/10

gootkit 410 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit410bankerbotnettrojan

behavioral2